backend/gateway: block comically large string payloads

2022-04-14 21:29:46 +03:00 · 2022-04-14 21:29:46 +03:00 · 538717cfc9
commit 538717cfc9
parent fec30b7ec9
2 changed files with 7 additions and 1 deletions
--- a/src/errors.ts
+++ b/src/errors.ts
@ -14,4 +14,5 @@ export const gatewayErrors = {
    NO_PING: { code: 4004, message: "No ping" },
    FLOODING: { code: 4005, message: "Flooding (exceeded maximum messages per batch)" },
    ALREADY_AUTHENTICATED: { code: 4006, message: "Already authenticated" },
+    PAYLOAD_TOO_LARGE: { code: 4007, message: "Payload too large" },
 };
--- a/src/gateway/index.ts
+++ b/src/gateway/index.ts
@ -170,8 +170,13 @@ export default function(server: Server) {
            if (ws.state.messagesSinceLastCheck > MAX_CLIENT_MESSAGES_PER_BATCH) {
                return closeWithError(ws, gatewayErrors.FLOODING);
            }
+            
+            const stringData = rawData.toString();
+            if (stringData.length > 2048) {
+                return closeWithError(ws, gatewayErrors.PAYLOAD_TOO_LARGE);
+            }

-            const payload = ensureFormattedGatewayPayload(parseJsonOrNull(rawData.toString()));
+            const payload = ensureFormattedGatewayPayload(parseJsonOrNull(stringData));
            if (!payload) {
                return closeWithBadPayload(ws, "Invalid JSON or message does not match schema");
            }